1. Field of the Invention
The present invention is generally directed to an apparatus and method for verifying the legitimacy of a financial instrument used by a shopper to transfer funds in a transaction and, more particularly, transactions involving transfer of funds with any financial instrument, i.e., credit payment instrument, debit payment instrument or electronic fund transfer, to a merchant's account during business transactions.
2. Discussion of the Prior Art
Increasingly, shoppers and merchants involved in commerce are turning to the Internet to conduct electronic business transactions. The Internet is particularly attractive to shoppers as it provides a vast knowledge base from which they can research and find information about perspective goods to be purchased. Time can be saved because the shopper does not have to physically travel to various locations, such as a library or store, to obtain information regarding the various goods to be purchased. Instead, the entire process of shopping for goods and services can be completed using a personal computer at one's home so long as the computer is connected to a network, such as the Internet. As time has passed, opportunities for shopping via personal computer have increased as more and more people gain access to the Internet and more and more businesses provide store-like services on the Internet.
Likewise, using the Internet for commerce is extremely attractive to businesses as they can provide the same type of information that has traditionally been provided through catalogs and other advertising at a much lower cost. Furthermore, transactions can occur between shoppers and merchants in a similar manner as those conducted at a check-out stand in a physical store. Indeed, in the case of digital products, such as computer software, videos, music or funds transfer, the goods or services themselves can be delivered through the Internet and payment can be received through the Internet so that the entire transaction occurs through a computer network without the shopper or merchant ever physically meeting in a traditional store. This method of doing business provides tremendous cost savings to the manufacturers and merchants. Even items that need to be shipped can benefit from this form of commerce. Once a shopper has browsed through a merchant's website, selected various goods or services that he or she wishes to purchase and enters financial instrument information, the transaction can be finalized by the merchant.
To finalize the transaction, the merchant simply needs to verify the legitimacy of the financial instrument, arrange collection of the payment and then ship the goods to the shopper. The verification of the financial instrument is the riskiest step in the process. Over time, the verification process has become fraught with problems due mainly to the inability of the banking industry to add to its current verification process because of the millions of installed merchant users. Because of these problems, merchants may incorrectly identify fraudulent shoppers as legitimate shoppers because the information used in a verification process can be forged and legitimate shoppers may be incorrectly identified as possible fraudulent shoppers when they provide slightly inaccurate data to the merchant. This state of affairs has caused some businesses to restrict commerce on the Internet to require processes that involve human interaction at some level. These restrictions have had negative effects on Internet sales. The problem facing merchants is how to determine that a financial instrument and its associated financial account actually belong to the shopper attempting to use the instrument in a remote purchase.
The number one priority of all merchants is sales. The second priority is avoiding fraud. In cases of fraud, in order to avoid financial loss when a financial instrument holder repudiates a transaction, a merchant must prove that the goods were actually delivered to the financial instrument holder and that the shopper was the holder of the financial instrument used for payment. Unfortunately, given the skillfulness of today's fraud rings and the lack of response from financial institutions to the worldwide fraud epidemic, merchants are on the losing end of this battle. Large fraud rings can intercept packages of goods en route and the merchant will loose any dispute with the financial instrument's issuer (the financial institution) should a shopper repudiate usage of the financial instrument or deny accepting delivery of the goods. Even the Address Verification System (AVS) used in the United States and Canada to verify billing address data can be defeated and is not available internationally. In the case of digitally shipped goods such as music, data, or software, the AVS system is useless because no physical shipment takes place and the transaction is considered “card not present” by the financial institutions. In such a case, even a legitimate financial instrument holder can initiate a charge back (repudiate the transaction) at any point. In a “payment instrument not present” situation, typically the merchant loses the dispute and thus incurs losses greater than the amount of the original value.
Given this state of affairs, it becomes very important to a merchant to be able to verify that the user of a financial instrument, the shopper, is a legitimate instrument owner, or has permission of the legitimate owner to use the instrument, before shipping the ordered goods. If such a validation mechanism were available, the merchants would have a more powerful argument against refunding money to a financial instrument (charge-back) when a legitimate instrument owner complains that the instrument was used in a fraudulent manner. A particularly strong argument for the merchant would include a way to prove to the financial instrument issuer (the financial institution) that the financial instrument issuer believed that the person using the financial instrument was the legitimate instrument owner at the time of purchase.
One proposed solution to this problem of course is that a shopper can provide some type of data about him or herself to the merchant, along with a credit payment instrument, a debit payment instrument, or a funds account number, which can be transmitted over the network. However, the problem of validating the shopper as the legitimate owner of the financial instrument still exists because the merchant has limited abilities to cross check the data provided by the shopper with the instrument issuer. For example, there exists no current way to cross the name on the account verses the shopper's identity. Thus, current mechanisms do not address the problem of a shopper using a stolen credit instrument, a stolen debit instrument or some other funds payment instrument. As such, a dishonest person could use a stolen financial instrument's data and present it at the merchant's network site as their own, and the merchant has no way to either approve or disapprove such data.
Even if the merchant is using all available anti-fraud, systems provided by the financial instrument's issuer and some proprietary or third party anti-fraud systems, the merchant still might not realize they are dealing with a stolen financial instrument at the time of the transaction. Only after the goods are shipped and delivered, and a significant time period has passed, would the merchant realize that an illegitimate person used a financial instrument. In the case where a credit, debit or funds account number has been stolen, thousands of dollars can be lost to the honest merchant who accepts the data and completes the fraudulent transactions. Not until the account is canceled can the harm be stopped. The true cost of this crime can only be totaled after the dust settles.
In the end, the issuer of the credit, debit or finds account is ultimately accountable for the lost moneys because they self-insure themselves and their members against fraud to promote safety of the instrument to shoppers. In most cases, the issuer of the instrument will hold the merchant liable for the money that was debited from the financial instrument. If the dishonest party is a merchant and is in league with users of stolen instrument data, the dishonest merchant usually will close up shop long before the issuer is able to reclaim the money lost. Since the issuer does not hold a legitimate account owner liable, the issuer is responsible for the lost money. However, in the case of a lawful merchant, the lawful merchant retains the responsibility of verifying legitimacy of the financial instrument presenter to protect themselves from dishonest persons using stolen financial instruments or account numbers.
A few companies using the Internet have proposed solutions to this problem. One proposed solution is set forth by Templeton et al. in U.S. Patent Application Publication No. 2002/0004772 directed to a system and method for verifying a financial instrument, which is incorporated herein by reference. Templeton et al. proposes a system initiating one or more verifying transactions involving an instrument with details that may vary from one transaction to another such as the type of transaction (deposit, credit or debit), amount of the transaction, number of transactions, the merchant or vender name or account for the transaction, and so on. Selected details, particularly variable ones, are saved to the system. The user obtains information regarding a transaction by accessing the account on-line, via telephone, in a monthly statement, etc. The user then submits the requested details to the system, which compares them to stored details. If the details correspond, then the user may be allowed to use the instrument to purchase a product.
In one embodiment, the system of Templeton et al. deposits into a U.S. financial institution account two very small deposits of money, each of which is between one and ninety-nine cents before the main transaction occurs. The shopper must check the financial institution account to obtain the small deposit amounts and then provide the amounts to the system in order to verify that the financial institution account presented is actually their account. Unfortunately, this method has some distinct disadvantages. First, money is being sent to an account that may never actually be used. Second, this method requires several transactions, for example, the system initially has to send money to the account in order to verify that the account is valid and, presumably, this must be done for every account that is used. While such an amount may be small per transaction, when millions of transactions are involved, such costs can rise quickly. Furthermore, this process may have to be repeated over time to ensure the accounts have not been canceled or compromised. Only after the account has been verified can the system conduct an actual financial transaction. It must be remembered that the whole goal of the Internet is to provide an efficient, time saving and low cost method of doing business. Every additional action a shopper must take in order to provide security can result in lost business for a merchant.
Additionally, the Templeton et al. publication does not address the problems of foreign currency transactions. Since there are fluctuations in foreign currency rates, it would be difficult to confirm amounts charged to a financial instrument without knowing the exact date of the transaction and the exchange rate on that date used by the financial instrument issuer. Perhaps most important no coding is used. In other words all a computer or person has to do is read the amount of the transaction and send that number back to the merchant. A fraudulent shopper could in theory automate this process and easily defeat the system proposed by Templeton et al. by posting random values to the merchant until they get it correct.
Therefore, there exists a need in the art for a method and apparatus which will allow a merchant, or other recipients of funds, to get as close to a non-repudiation situation as possible by establishing that the shopper is the financial instrument's legitimate owner. Essentially, the invention should rely on the fact that if the shopper can convince the instrument issuer that they are the legally responsible party for the instrument, the merchant should also be able to believe that the shopper trying to use the instrument is allowed to use the instrument. Further such a system must have some coding mechanism that is simple enough to aid in a the merchant's ability to verify the legitimacy of the financial instrument used by the shopper but complicated enough that it is difficult to defeat by a person using an illegitimate financial instrument.